Share 
## https://sploitus.com/exploit?id=6924F235-DBF6-533C-B9B9-419F30C11C10
# ๐Ÿšจ MegaScanner โ€” Ethical Web Vulnerability Mega Scanner v2.0

> **โš ๏ธ AUTHORIZED PENTEST USE ONLY** โ€” Use exclusively on targets you own or have explicit written permission to test. Unauthorized scanning is illegal under CFAA (US), Computer Misuse Act (UK), and equivalents worldwide.

## Features

| Module | Capabilities |
|--------|-------------|
| **Reconnaissance** | Subdomain enumeration (150+ prefixes), tech fingerprinting, security headers audit, HTTPS/TLS checks, robots.txt & sitemap.xml parsing |
| **Directory Discovery** | 500+ path brute-force, wildcard/custom 404 detection, multi-threaded, severity classification |
| **Vulnerability Scanner** | Reflected XSS, SQL injection (error-based), open redirects, CSRF, CORS misconfiguration, cookie security, information leakage |
| **Port Scanner** | Top 100 TCP ports via Nmap, service/version detection, risky service flagging |
| **CMS Scanner** | WordPress (plugins, config backups, XML-RPC, REST API user enum), Joomla (CVE-2023-23752), Drupal (Drupalgeddon) |
| **CVE Checker** | 30+ built-in CVE fingerprints, optional NVD API 2.0 live lookup |
| **AI Risk Scoring** | Ollama/Llama 3.1 intelligent analysis with rule-based fallback |
| **Reporting** | Professional dark-themed HTML reports + structured JSON |

## Installation

```bash
# Clone & install dependencies
cd booghost
pip install -r requirements.txt

# Required system tools
brew install nmap          # macOS
# sudo apt install nmap    # Debian/Ubuntu

# Optional: AI scoring
curl -fsSL https://ollama.ai/install.sh | sh
ollama pull llama3.1
```

## Usage

```bash
# Full scan with reports
python mega_scanner.py -u https://target.com -o report.json --html report.html

# Fast scan with more threads
python mega_scanner.py -u https://target.com -t 20 --delay 0.3

# Recon only
python mega_scanner.py -u https://target.com --scan-type recon

# Directory brute-force only
python mega_scanner.py -u https://target.com --scan-type dirs

# Vulnerability scan only
python mega_scanner.py -u https://target.com --scan-type vuln

# Port scan only
python mega_scanner.py -u https://target.com --scan-type ports

# CMS-specific scan only
python mega_scanner.py -u https://target.com --scan-type cms
```

## CLI Options

| Flag | Description | Default |
|------|-------------|---------|
| `-u, --url` | Target URL (required) | โ€” |
| `-t, --threads` | Thread count | 10 |
| `--delay` | Delay between requests (seconds) | 0.5 |
| `-o, --output` | JSON report output file | โ€” |
| `--html` | HTML report output file | โ€” |
| `--scan-type` | `full`, `recon`, `dirs`, `vuln`, `ports`, `cms`, `cve` | `full` |

## Project Structure

```
booghost/
โ”œโ”€โ”€ mega_scanner.py          # CLI entrypoint
โ”œโ”€โ”€ requirements.txt         # Dependencies
โ”œโ”€โ”€ README.md
โ”œโ”€โ”€ wordlists/
โ”‚   โ””โ”€โ”€ directories.txt      # 500+ paths for brute-forcing
โ””โ”€โ”€ scanner/
    โ”œโ”€โ”€ __init__.py
    โ”œโ”€โ”€ utils.py             # Stealth headers, safe HTTP, colors, banner
    โ”œโ”€โ”€ recon.py             # Reconnaissance module
    โ”œโ”€โ”€ dir_bruteforce.py    # Directory discovery
    โ”œโ”€โ”€ vuln_scanner.py      # Vulnerability detection
    โ”œโ”€โ”€ port_scanner.py      # Nmap port scanning
    โ”œโ”€โ”€ cms_scanner.py       # CMS-specific checks
    โ”œโ”€โ”€ cve_checker.py       # CVE matching
    โ”œโ”€โ”€ ai_scorer.py         # AI risk scoring
    โ””โ”€โ”€ reporter.py          # JSON/HTML reports
```

## Legal Disclaimer

This tool is designed for **authorized security testing only**. Always:
- Obtain **written permission** before testing any target
- Respect **scope limitations** defined in bug bounty programs
- Follow responsible disclosure practices
- Comply with all applicable laws and regulations

The authors assume no liability for misuse of this tool.